ClientCertAuthenticator.java

package org.infinispan.rest.embedded.netty4.security;

import java.io.IOException;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.ws.rs.core.SecurityContext;

import org.infinispan.rest.embedded.netty4.NettySecurityContext;
import org.jboss.resteasy.plugins.server.embedded.SecurityDomain;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.jboss.resteasy.util.HttpResponseCodes;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.ssl.SslHandler;

/**
 * Client Certificate authenticator
 *
 * @author Tristan Tarrant
 * @since 9.0
 */

public class ClientCertAuthenticator implements Authenticator {

   private final SecurityDomain domain;

   public ClientCertAuthenticator(SecurityDomain domain) {
      this.domain = domain;
   }

   @Override
   public SecurityContext authenticate(ChannelHandlerContext ctx, HttpRequest request, HttpResponse response) throws IOException {
      SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
      try {
         SSLSession session = sslHandler.engine().getSession();
         return new NettySecurityContext(session.getPeerPrincipal(), domain, "ClientCert", true);
      } catch (SSLPeerUnverifiedException e) {
         // Ignore any SSLPeerUnverifiedExceptions
      }
      response.sendError(HttpResponseCodes.SC_UNAUTHORIZED);
      return null;
   }
}